Legal
Google API Services User Data Policy Disclosure
Last updated: May 22, 2026
This addendum supplements the Terse Privacy Policy and applies whenever Terse accesses information from Google APIs, including Gmail. In the event of any conflict between this addendum and the main Privacy Policy with respect to Google user data, this addendum controls.
Limited Use of Google User Data
Terse’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Terse will not:
- Use Google user data for serving advertisements, including retargeting or personalized or interest-based advertising.
- Sell, rent, or transfer Google user data to third parties such as advertising platforms, data brokers, or information resellers.
- Allow humans to read Google user data, except: (i) with the user’s affirmative agreement for specific messages; (ii) where necessary for security purposes such as investigating abuse; (iii) to comply with applicable law; or (iv) where the data has been aggregated and is used for internal operations.
- Use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models. Gmail message content sent to large language model providers (see “Third-Party Sub-Processors” below) is processed solely to produce output for the user in the same session and is never retained by those providers for model training.
Google Account Scopes Requested
Terse requests the minimum Gmail OAuth scopes required to deliver its features. The table below describes each scope, why it is required, and what we access.
| Scope | Why we request it | What we access |
|---|---|---|
https://www.googleapis.com/auth/gmail.readonly | To detect incoming Gmail messages and pass them to user-configured automations (e.g., agents that draft replies, classify, or summarize). Without read access, Terse cannot determine when an automation should run or what to act on. | The metadata, headers, body, and attachments of messages in the connected inbox. |
https://www.googleapis.com/auth/gmail.compose | To create draft replies for the user to review and send, and to send messages the user has explicitly configured (for example, a daily summary email to themselves or to a Google Group). We use compose rather than gmail.send because send alone cannot create the drafts that are central to our product; compose covers both drafting and sending with a single, narrower-purpose scope. | Drafts and sent messages created on the user’s behalf at the user’s direction. |
Terse does not request gmail.modify, gmail.labels, gmail.metadata, or any other Gmail scope.
How We Use Google User Data
- Triggering automations. Inbound Gmail messages are passed to the user’s configured Terse automations to determine whether an automation should run.
- Drafting replies. When an automation produces a reply, Terse creates a draft in the user’s Gmail account. Drafts are not sent automatically; the user reviews and sends them from Gmail.
- Sending user-directed messages. When the user has configured an automation to send a specific message (for example, a summary email to themselves or to a Google Group they own), Terse sends that message via the Gmail API. The user has the option to add human in the loop review before the message is sent.
- Audit logging. Terse logs metadata about automation runs (for example, “draft created for message X”) so users and operators can debug automation behavior. These logs do not contain Gmail message content.
We do not use Google user data for any other purpose. We do not analyze Gmail content for marketing, advertising, or product analytics. We do not train models on Gmail content.
Third-Party Sub-Processors That May Receive Google User Data
Gmail content may be transmitted to the following sub-processors strictly to deliver user-facing features:
| Sub-processor | Purpose | Data sent | Data retention by sub-processor |
|---|---|---|---|
| OpenAI (privacy policy) | Large language model inference for user-configured automations. | Gmail message content (headers, body, attachments) included in the prompt the user’s automation constructs. | Per Terse’s API agreement with OpenAI, content sent via the API is not used to train OpenAI models and is retained only for the limited operational windows described in OpenAI’s API data usage policy. |
| Anthropic (privacy policy) | Large language model inference for user-configured automations. | Gmail message content (headers, body, attachments) included in the prompt the user’s automation constructs. | Per Terse’s API agreement with Anthropic, content sent via the API is not used to train Anthropic models and is retained only for the limited operational windows described in Anthropic’s usage policy. |
| Render | Cloud hosting, managed Postgres, and compute for Terse’s application services that process automation runs. | Gmail message content (headers, body, attachments) transits through Render compute during automation execution. | Processed in memory; not persisted by Render. Any Terse-side retention follows the schedule described in “Data Retention and Deletion” below. |
| Google Cloud (GCP) (Google LLC) | Object storage for email attachments referenced by automations, and secret management for encrypted credentials such as Gmail OAuth access and refresh tokens. | Attachment files from Gmail messages (used as a temporary cache) and encrypted Gmail OAuth tokens. No Gmail message bodies, headers, or metadata are stored in GCP. | Stored in Terse’s own Google Cloud project under encryption-at-rest; deleted on the schedule described in “Data Retention and Deletion” below. |
| Modal (privacy policy) | Sandboxed execution environment for user-authored TypeScript SDK jobs. When a user creates an SDK job that runs on a Gmail event, the job code executes inside a Modal sandbox. | Gmail message content (headers, body, attachments) passed into the SDK job at runtime. Only applies when the user has configured an SDK job triggered by Gmail. | Processed in memory inside the sandbox for the duration of the job run; not persisted by Modal after the sandbox terminates. |
PostHog, our product-analytics provider, receives only event metadata (for example, “automation triggered”). PostHog does not receive Gmail message content, subject lines, sender or recipient addresses, attachments, or any other Google user data.
We do not transfer Google user data to any sub-processor not listed above.
Data Retention and Deletion
- Access and refresh tokens are stored encrypted at rest in Terse’s secret store and are retained until the user disconnects their Gmail account.
- Gmail message content is processed in memory at the time an automation runs. Any Gmail data Terse retains — including message excerpts captured in agent run history, attachments stored in Google Cloud Storage, and metadata-only audit logs — is retained for no longer than 30 days, after which it is automatically deleted.
- On disconnection or account deletion, Terse revokes the OAuth refresh token with Google and deletes all stored Gmail data (metadata, run history, and attachments) within 30 days.
Revoking Terse’s Access to Your Gmail Account
You may revoke Terse’s access to your Gmail account at any time using any of the following methods:
- From within the Terse web app, navigate to Settings → Integrations → Gmail and click Disconnect. Terse will revoke the OAuth token and delete associated data as described above.
- From the Terse CLI, run
terse integrations disconnect gmail. This performs the same revocation and deletion as the web app. - From your Google Account at myaccount.google.com/permissions, select Terse, and click Remove access.
Account and Data Deletion
To delete your entire Terse account and all associated data (including any Gmail data Terse has stored), email privacy@useterse.ai. Deletion completes within 30 days.
Contact
Questions about Terse’s use of Google user data should be directed to privacy@useterse.ai.